Achieve higher security with certificate bindings – How it works!
Dear Microsoft Entra friends, In this article I would like to take a closer look at the subject of certificate affinity binding. So that even more security can…
Achieve higher security with certificate bindings – How it works!
Dear Microsoft Entra friends, In this article I would like to take a closer look at the subject of certificate affinity binding. So that even more security can…
Azure AD extension attributes from AD Connect
I'm struggling with finding my data in AAD. We've been running Azure Connect for years to bring the data from our on-prem AD over to our AAD instance. Back last…
Azure AD extension attributes from AD Connect
I'm struggling with finding my data in AAD. We've been running Azure Connect for years to bring the data from our on-prem AD over to our AAD instance. Back last…
New Blog | What’s new in Microsoft Entra
Microsoft has recently introduced a range of new security tools and features for the Microsoft Entra product family, aimed at helping organizations to improve their security posture. With the ever-increasing…
New Blog | What’s new in Microsoft Entra
Microsoft has recently introduced a range of new security tools and features for the Microsoft Entra product family, aimed at helping organizations to improve their security posture. With the ever-increasing…
Prevent Entra ID /authorize endpoint from logging users to other microsoft services
Hi, We want to use entra id as an OIDC provider to log in users to our applications. However, our use case requires that when users log in (on…
Prevent Entra ID /authorize endpoint from logging users to other microsoft services
Hi, We want to use entra id as an OIDC provider to log in users to our applications. However, our use case requires that when users log in (on…
Device filter in the conditional access policies
Dear Microsoft Entra Friends, What is your experience with the device filter in the conditional access policies (Microsoft Entra ID)? The values of the attributes are not correct…
Device filter in the conditional access policies
Dear Microsoft Entra Friends, What is your experience with the device filter in the conditional access policies (Microsoft Entra ID)? The values of the attributes are not correct…
‘Microsoft App Access Panel’ and Conditional Access with SSPR combined registration bug
Currently, enabling self-service password reset (SSPR) registration enforcement causes the app 'Microsoft App Access Panel' to be added to the login flow of users who have SSPR enabled. This app…
‘Microsoft App Access Panel’ and Conditional Access with SSPR combined registration bug
Currently, enabling self-service password reset (SSPR) registration enforcement causes the app 'Microsoft App Access Panel' to be added to the login flow of users who have SSPR enabled. This app…
Strange credential sync problem on workstation after password reset on AD/AAD hybrid environment.
So, our business is a hybrid AD/AAD site. We also use Office 365 and enforce MFA thru Authenticator to login to Microsoft applications (but not the PC itself, we still…
Strange credential sync problem on workstation after password reset on AD/AAD hybrid environment.
So, our business is a hybrid AD/AAD site. We also use Office 365 and enforce MFA thru Authenticator to login to Microsoft applications (but not the PC itself, we still…
Windows 2019 RDS and Azure AD SSO
Hello, customer has an onprem virtual Windows 2019 RDS which is hybrid azure ad-joined. When users connect to RDS with Windows Hello fingerprint or PIN, they dont get…
Windows 2019 RDS and Azure AD SSO
Hello, customer has an onprem virtual Windows 2019 RDS which is hybrid azure ad-joined. When users connect to RDS with Windows Hello fingerprint or PIN, they dont get…
Why without Consent AzureAD Application Refresh Token gets delivered
Trying to get an access_token and refresh_token in. For this I am doing an oauth2 call with help of https://login.microsoftonline.com/{{ Tenant-ID }}/oauth2/v2.0/authorize?...... and where the response_type is code. With help of the CODE the…
Why without Consent AzureAD Application Refresh Token gets delivered
Trying to get an access_token and refresh_token in. For this I am doing an oauth2 call with help of https://login.microsoftonline.com/{{ Tenant-ID }}/oauth2/v2.0/authorize?...... and where the response_type is code. With help of the CODE the…
New Blog | 2023 Holiday DDoS Protection Guide
As the holiday season approaches, businesses and organizations should brace for an increase in Distributed Denial of Service (DDoS) attacks. Historically, this period has seen a spike in such attacks,…
New Blog | 2023 Holiday DDoS Protection Guide
As the holiday season approaches, businesses and organizations should brace for an increase in Distributed Denial of Service (DDoS) attacks. Historically, this period has seen a spike in such attacks,…
Entra Customers – MsalServiceException: AADSTS131010: User not allowed by policy conditions.
Getting this exception on signup. Signin logs show Interrupted (KMSI) and Success. No condition policy applied. Logging in in new window doesn't cause the issue, only first sign up. …
Entra Customers – MsalServiceException: AADSTS131010: User not allowed by policy conditions.
Getting this exception on signup. Signin logs show Interrupted (KMSI) and Success. No condition policy applied. Logging in in new window doesn't cause the issue, only first sign up. …
Enable Guests to be able to send email to Group
The goal of this post is to find a way to allow specific external users to send an email message to a Group. I wish to do this via whitelist:…
Enable Guests to be able to send email to Group
The goal of this post is to find a way to allow specific external users to send an email message to a Group. I wish to do this via whitelist:…
External Sharing – Microsoft Accounts
Hi, We run into an issue from time to time where we share something via OneDrive/SharePoint with a guest user and that users email address is associated with a…
External Sharing – Microsoft Accounts
Hi, We run into an issue from time to time where we share something via OneDrive/SharePoint with a guest user and that users email address is associated with a…
Exporting AD users details on a schedule
I have a PowerShell script that I use to extract a csv details from Entra. I would like to do this on a schedule. However as the admin account uses…
Exporting AD users details on a schedule
I have a PowerShell script that I use to extract a csv details from Entra. I would like to do this on a schedule. However as the admin account uses…
ID Protection — CA policy for Sign-in Frequency enabled
On the Security Score dashboard, I have a recommendation: Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative usersDescriptionForcing a time out for MFA will help…
ID Protection — CA policy for Sign-in Frequency enabled
On the Security Score dashboard, I have a recommendation: Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative usersDescriptionForcing a time out for MFA will help…
Azure Entra ID & Servicenow Query
Hi Team, I have done the integration between Azure Entra ID and ServiceNow in my personal instance. This is for pushing all the user & group data from Azure…
Azure Entra ID & Servicenow Query
Hi Team, I have done the integration between Azure Entra ID and ServiceNow in my personal instance. This is for pushing all the user & group data from Azure…
New Blog | Identity at Microsoft Ignite: Securing access in the era of AI
Everything we’re adding to Microsoft Entra is designed to help you stay ahead of the evolving threat landscape. It all comes down to one principle: make it easier for you to stay…
New Blog | Identity at Microsoft Ignite: Securing access in the era of AI
Everything we’re adding to Microsoft Entra is designed to help you stay ahead of the evolving threat landscape. It all comes down to one principle: make it easier for you to stay…
Is Entra ID P1 required for SAML SSO?
I'm getting conflicting info about SAML SSO. We have a mixture of Microsoft 365 Business Standard and Business Basic users. No one has Azure AD/Entra ID P1 licenses. Is P1…
Is Entra ID P1 required for SAML SSO?
I'm getting conflicting info about SAML SSO. We have a mixture of Microsoft 365 Business Standard and Business Basic users. No one has Azure AD/Entra ID P1 licenses. Is P1…
Azure AD Access Package and external user experience
Hi, I have created the AzureAD Access Package for external guest users. Created a catalog Added two resources to the catalog AAD security group for my external users ServiceNow SSO…
Azure AD Access Package and external user experience
Hi, I have created the AzureAD Access Package for external guest users. Created a catalog Added two resources to the catalog AAD security group for my external users ServiceNow SSO…
Microsoft alert regarding the Yahoo mail app
I have been receiving Admin alerts from Microsoft stating: "We've detected users in your tenant may have had email messages unexpectedly deleted by the Yahoo mail app". The recommended action is…
AAD Connect is syncing two domains that are federated. Want to stop syncing one
Good morning. We aquired a company and federated with their domain. We have an AAD connect client that is syncronizing ours and their domain to our M365 tenant. We are…
Microsoft Entra ID: Advanced Threat Hunting – AzureADRecon and Microsoft Sentinel
Dear Microsoft Entra ID Friends: This article is about collecting information with the AzureADRecon tool. We use this information to investigate a hypothesis and start the hunt with…
Entra ID – user sign-ins (non-interactive) – failed connection attempts
Hello,In user sign-ins (non-interactive), we have several failed connection attempts every day.Authentication requirement Single-factor authenticationStatus FailureFailure reason Error validating credentials due to invalid username or password.Additional Details The user didn't enter the right credentials.…
I need to export Guest users’ “Last Login Date/Time”.
Could anyone point me in the right direction to export a CSV of last login date/time for Guest users on Entra/Azure AD? I can see the data in Entra…
UPN Mismatch between Local AD and Azure AD (Entra ID) impact on user sign-ins and SSO?
Hello Smart people, I have a Active Directory domain to be synced with Entra ID. This Entra ID tenancy though, is already exists and users are created. There are…
23H2 Passkeys: default to security key instead of mobile devices
Microsoft invested time & money to introduce Passkeys in Windows 11 23H2, as it should. Unfortunately, it defaults to a mobile device (iPhone, iPad or Android device) everytime you try to log…
New Blog | Get insights on identity and network access solutions at Microsoft Ignite, Nov 15-17 2023
Microsoft Ignite runs from November 15 – 17, 2023! We’re looking forward to you joining us online starting at 9:00 AM PDT for the global digital sessions. Even though the in-person…
New Blog | Emphasizing Security by Default with Advanced Microsoft Authenticator Features
It's been repeatedly emphasized the importance of multifactor authentication (MFA) and emphasized that not all MFA is equal – the Authenticator is much more secure than phone authentication (so hang up!). Through the…
RDP Private Resources using Microsoft Entra Private Access – Quick Access
New blog post: RDP Private Resources using Microsoft Entra Private Access - Quick Access RDP Private Resources using Microsoft Entra Private Access - Quick Access | LinkedIn
Microsoft Entra ID Continuous access evaluation and how it works!
Dear Microsoft Entra ID Friends, In this article, we take a closer look at Microsoft Entra ID continuous access evaluation. What is Microsoft Entra ID Continuous access…
How to correctly implement Entra ID Connect sync when users exists in Entra ID as cloud users?
Hi Everyone, I have a small on-premises exchange server 2016 setup which we're planning to make Hybrid. We do have a O365 environment (Business Standard Licensed) which is independent…